본문 바로가기

컴퓨터/노트북/인터넷

IT 컴퓨터 기기를 좋아하는 사람들의 모임방

단축키

Prev이전 문서

Next다음 문서

수정 삭제

단축키

Prev이전 문서

Next다음 문서

수정 삭제
Extra Form

Apache 2.4 이상 버전에서 403 에러가 발생. error.log 를 보니 다음과 같은 에러가 있었다.

 

[Tue Dec 11 17:49:19.350384 2012] [authz_core:error] 
[pid 5308:tid 1576] [client 127.0.0.1:53603] AH01630: 
client denied by server configuration: /DOCUMENT_ROOT

 

 


아마도 우분투를 업그레이드하면서 (2.2에서 2.4로 업그레이드) 기존에쓰던 conf 파일 옵션값이 문제를 일으킨모양이다.

 

apache 2.2

<Directory /DOCUMENT_ROOT>

   ~~~

    Order allow,deny

    Allow from all

</Directory>

 

apache 2.4 최신

<Directory /DOCUMENT_ROOT>

    ~~~

    Require all granted

</Directory>

 

 

 

 

 

 

 

 

아래는 apache 공식사이트 설명문서다.

 

https://httpd.apache.org/docs/2.4/upgrading.html

 

 

 

 

2.2 configuration:

Order deny,allow
Deny from all

2.4 configuration:

Require all denied

In this example, there is no authentication and all requests are allowed.

2.2 configuration:

Order allow,deny
Allow from all

2.4 configuration:

Require all granted

In the following example, there is no authentication and all hosts in the example.org domain are allowed access; all other hosts are denied access.

2.2 configuration:

Order Deny,Allow
Deny from all
Allow from example.org

2.4 configuration:

Require host example.org

In the following example, mixing old and new directives leads to unexpected results.

Mixing old and new directives: NOT WORKING AS EXPECTED

DocumentRoot "/var/www/html"

<Directory "/">
    AllowOverride None
    Order deny,allow
    Deny from all
</Directory>

<Location "/server-status">
    SetHandler server-status
    Require local
</Location>

access.log - GET /server-status 403 127.0.0.1
error.log - AH01797: client denied by server configuration: /var/www/html/server-status

Why httpd denies access to servers-status even if the configuration seems to allow it? Because mod_access_compat directives take precedence over the mod_authz_host one in this configuration merge scenario.

This example conversely works as expected:

Mixing old and new directives: WORKING AS EXPECTED

DocumentRoot "/var/www/html"

<Directory "/">
    AllowOverride None
    Require all denied
</Directory>

<Location "/server-status">
    SetHandler server-status
    Order deny,allow
    Deny from all
    Allow From 127.0.0.1
</Location>

access.log - GET /server-status 200 127.0.0.1

So even if mixing configuration is still possible, please try to avoid it when upgrading: either keep old directives and then migrate to the new ones on a later stage or just migrate everything in bulk.

In many configurations with authentication, where the value of the Satisfy was the default of ALL, snippets that simply disabled host-based access control are omitted:

2.2 configuration:

# 2.2 config that disables host-based access control and uses only authentication
Order Deny,Allow
Allow from all
AuthType Basic
AuthBasicProvider file
AuthUserFile /example.com/conf/users.passwd
AuthName secure
Require valid-user

2.4 configuration:

# No replacement of disabling host-based access control needed
AuthType Basic
AuthBasicProvider file
AuthUserFile /example.com/conf/users.passwd
AuthName secure
Require valid-user

In configurations where both authentication and access control were meaningfully combined, the access control directives should be migrated. This example allows requests meeting both criteria:

2.2 configuration:

Order allow,deny
Deny from all
# Satisfy ALL is the default
Satisfy ALL
Allow from 127.0.0.1
AuthType Basic
AuthBasicProvider file
AuthUserFile /example.com/conf/users.passwd
AuthName secure
Require valid-user

2.4 configuration:

AuthType Basic
AuthBasicProvider file
AuthUserFile /example.com/conf/users.passwd
AuthName secure
<RequireAll>
  Require valid-user
  Require ip 127.0.0.1
</RequireAll>

In configurations where both authentication and access control were meaningfully combined, the access control directives should be migrated. This example allows requests meeting either criteria:

2.2 configuration:

Order allow,deny
Deny from all
Satisfy any
Allow from 127.0.0.1
AuthType Basic
AuthBasicProvider file
AuthUserFile /example.com/conf/users.passwd
AuthName secure
Require valid-user

2.4 configuration:

AuthType Basic
AuthBasicProvider file
AuthUserFile /example.com/conf/users.passwd
AuthName secure
# Implicitly <RequireAny>
Require valid-user
Require ip 127.0.0.1

컴퓨터/노트북/인터넷

IT 컴퓨터 기기를 좋아하는 사람들의 모임방

List of Articles
번호 분류 제목 조회 수 날짜
공지 뉴스 구글 최신 뉴스 file 1452 2024.12.12
HOT글 일반 샤오미 BE6500 라우터 실사용 후기 (Wi-Fi 7 + 2.5G 스위치 기능까지 ㄷㄷ) 4 1011 2025.06.28
공지 🚨(뉴비필독) 전체공지 & 포인트안내 20 28547 2024.11.04
공지 URL만 붙여넣으면 끝! 임베드 기능 22670 2025.01.21
10641 네이버 지식쇼핑을 보면 깜놀랄일 3952 2014.03.23
10640 mysql 6.0 다운로드 (windows 계열 32비트용) 2786 2014.03.29
10639 리니지 프리서버 - 춘자 2.7클라이언트 2 9505 2014.03.30
10638 안녕하세요 1925 2014.04.07
10637 가입했습니당^.^ 1 2189 2014.04.07
10636 가입인사드립니다. 1 2124 2014.04.07
10635 스위트망고입니다. 반갑습니다 1 2196 2014.04.07
10634 영자님 2 4002 2014.04.11
10633 카오스원 2 3277 2014.04.11
10632 컴퓨터 포멧하려는데 BIOS 화면이 안떠요. 6 5186 2014.04.12
10631 하이하이 1 4142 2014.04.12
10630 영자씨 1 2622 2014.04.13
10629 인텔 v프로 원격제어 지원 메인보드-애즈락 Q87M 프로 출시 2850 2014.04.26
10628 하즈웰 4세대 오버클럭시 온도차이. 2379 2014.04.26
10627 갠적으로 마음에 드는 그래픽카드 GTX760 PHANTOM DDR5 2G 1 2843 2014.04.26
10626 탑파워 TOPOWER TOP-500D 80PLUS Bronze 1943 2014.04.26
10625 슈퍼플라워 SF-500P12A 후기 1711 2014.04.26
10624 인텔 코어 i7 하스웰 4770 추천드림 2424 2014.04.26
10623 듀얼 모니터 작업표시줄 프로그램 2976 2014.04.26
10622 일반하드랑 ssd랑 차이가 심한가요? 1 3035 2014.04.26
10621 로지텍 Gaming Mouse G100 쓰다보니 2200 2014.04.26
10620 AMD FX 8300 비쉐라는 인텔 cpu 어느것과 동급인가요? 1 4270 2014.04.26
10619 인텔 G3220 하스웰- 부모님 조립해드렸어요 2422 2014.04.26
10618 인텔 제온 E3-1230V3, 제온짝퉁이라니? 2633 2014.04.26
10617 ipTIME Extender2 무선공유기 wifi 확장써보니...안습 2324 2014.04.26
10616 안철수 v3백신도 좋지만, avast가 더 좋은것 같아요 2489 2014.04.27
10615 컴퓨터가 아무래도 연차가 있다보니.. 1 3410 2014.04.27
10614 그외 컴퓨터 온도측정 프로그램 hwmonitor 3777 2014.04.28
10613 이용하는 사람이 별로 없나바요. 3 3510 2014.04.28
10612 안녕하세요^^ 이번에 PC 새로 맞추려는데 1 2336 2014.04.28
Board Pagination Prev 1 2 3 4 5 6 7 8 9 10 ... 355 Next
/ 355